FQDNs in masters-list (was: Help: Secondary for...)
Brad Knowles
brad.knowles at skynet.be
Tue Mar 6 22:40:50 UTC 2001
At 4:20 PM -0500 3/6/01, Kevin Darcy wrote:
> Well, actually, TSIG-authenticated Dynamic Updates work fine, but this is
> rather beside the point: the original suggestion called for signed
> *NOTIFYs*, not Dynamic Updates. Signed NOTIFYs are technically illegal, but
> a slight extension to RFC 1996 would permit them.
Do you actually have code that implements TSIG-authenticated
dynamic updates? I'm not personally aware of any, but then I concede
that I haven't been following this issue as closely as I should.
Of course, as you point out, that does actually solve only part
of the problem. Indeed, I'm not convinced that even signed NOTIFYs
would entirely solve the rest of the problem -- when you configure a
nameserver to pull secondary from another, the configuration details
of which machine you pull secondary from are actually outside the
scope of the DNS protocol, and are a configuration detail of your
particular nameserver software.
--
======================================================================
Brad Knowles, <brad.knowles at skynet.be>